CVE-2022-45866 Information

Description

qpress before PierreLvx/qpress 20220819 and before version 11.3 as used in Percona XtraBackup and other products allows directory traversal via ../ in a .qp file.

Reference

https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761 https://pkgs.org/download/qpress https://github.com/PierreLvx/qpress/compare/20170415…20220819 https://github.com/PierreLvx/qpress/pull/6 https://github.com/percona/percona-xtrabackup/pull/1366